Joseph S. Nye, Jr., a former US assistant secretary of defense and chairman of the US National Intelligence Council, is University Professor at Harvard University. He is the author of Is the American Century Over?

Comments

When the difference in action by government agencies and hackers is difficult to determine - however different the objective may be - then the chances of cyber war stopping are slim to nothing.

Reference is made to the dark web without note being made that the origin of the same was the US government. Reference is made to attacks on US sites without noting the reports of the US agencies making similar attacks on foreign installations. And we know the US is not the only player

Wholesale invasion of citizens privacy has occurred justified retrospectively for security reasons yet alarm bells are clearly not always acted upon - yet if anything more not less intrusion of citizens privacy can be expected in reality

At some point in all of this you start to ask just who is the enemy

As far as stuff like the SONY event goes why should anybody have sympathy, they did not take care. They were not the first and will not be the last, in fact are already not the last. If a teenager with a basic PC can breach a site with sign in and log in passwords of 'Tim' and 'Tim' - as has been reported recently in the UK with a major telecomms company - then such a business is not fulfilling their duty of care of customer details

Commercial sites are not the same as strategic defence and the two should not be casually combined to present a bigger picture than the real issue which is how much should governemnt agencies be doing

As noted but passed over quickly by the author actually little has occurred in attacks on government installations

I am afraid I read this article as a basic plug for a bigger budget and bigger activity, as if the exisitng one was not big enough

The issue to be addressed first is more effective action on flags identified in current processes. Frequently events occur and then it is admitted flags had been wavedRead more

Joseph S. Nye wonders whether the threat of a "cyber Pearl Harbor" is real. He mentions the then US Secretary of Defense Leon Panetta's warning in 2012, that hackers could “shut down the power grid across large parts of the country.” In recent years there had been spectacular cyber attacks on high-profile targets, prompting state authorities and private companies to upgrade their capabilities, in order to improve the "forensics of attribution." But these were acts of sabotage - non violent attacks. When one talks about war, one thinks of violence and casualties.Nye asks if cyber warfare can be "deterred?" He says, unlike nuclear security, which revolves around "only nine states with nuclear weapons," it is difficult to attribute "the source of an attack" in a cyber-warfare, "because of the large and diverse number of state and non-state actors involved."Basically, cyber attacks on military infrastructure, government and communications systems, and financial markets pose a rapidly growing threat to international security and could become a decisive weapon of choice in future conflicts. What Nye finds alarming is that non-state actors don't face high entry barriers to vulnerable facilities, as their "weapon can consist of a few lines of code that can be invented (or purchased on the so-called dark web) by any number of state or non-state actors. A sophisticated attacker can hide the point of origin behind the false flags of several remote servers."Despite fear, "none of these catastrophic scenarios has occurred," because cyber warfare is a double-edged sword. Nye says the most effective tool of deterrence is "economic entanglement," which could "alter the cost-benefit calculation of a major state," since an attack triggers blowback effects. Given the "uncertainty about the effects on civilian targets and unpredictable consequences," cyber war is being limited "by the law of armed conflict." Civilian targets will be spared and an attack should be proportional.Is the fear of a cyberwar overhyped? Optimists say so. Thomas Rid, professor of security studies at King's College says: "Attacking a control system would be like entering a building, finding the secret engine room, fiddling with the engine, changing its settings - not shutting it down, but changing its settings - so that the engine does something very specific that you want it to do. And doing all of that in a way so the operators of the engine don't recognise what you're doing is actually quite difficult."Pessimists warn against scenarios of miscalculation. They argue that a very skilled and determined attacker who spends a lot of time preparing for an attack can do an enormous amount of damage to our critical infrastructure, and cause a lot of people to die and cause a lot of economic damage and make it very difficult to recover. Nye thinks deterrence in the cyber era may not be what it used to be. Read more

Good article. In every domain of warfare, you have the concept of deterrence, which consists of the real capabilities, the doctrine, and the awareness of others to understand your capabilities. The latest US Department of Defence Cyber Strategy describes well the current need to be more open with cyber capabilities. The new policy sets out when the US will use its cyber warfare capabilities to prevent an attack on the country, stating: “The US military may conduct cyber operations to counter an imminent or on-going attack against the US homeland or US interests in cyberspace." The strategy also states the importance of offensive cyber capabilities and how the US is building a “cyber mission force'” which will include nearly 6,200 military, civilian, and contractor support personnel from across the military departments and defense components.

Merely talking about (especially offensive) cyber capabilities in general terms, without revealing or even demonstrating the capabilities, will probably not advance deterrence enough. Currently, cyber warfare initiatives work by the rules of guerrilla warfare capabilities. However, this aspect will probably change. As US four-star general James Cartwright has said: “You can´t have something that´s a secret be a deterrent. Because if you don´t know it´s there, is doesn´t scare you. " Just as with kinetic weapons, your adversaries must know the weaponry you possess. To create deterrence, nation-states must be able to show some of their cyber capabilities without sacrificing the advantage that surprise delivers in defense and in offense. Traditional deterrence theory requires you to be able to demonstrate the capability to do something, and it is the same logic in cyber.

I believe, In the next couple of years nation-states will probably expose some of their offensive cyber capabilities more openly in order to enhance their deterrent effect. Nation-states will demonstrate their capabilities by organizing exercises and simulations which will be openly reported, and the effects of some offensive capabilities will be disclosed. However, in all likelihood this will not be enough. Nation-states are in a way forced to conduct cyber attacks in real situations and against real targets. This will mean attacks against terrorist or activist groups, industrial plants, or possibly even against other states. After these attacks, nations-states will claim responsibility in order to increase their cyber deterrence. Read more

There is a way to have "MAD" type deterrence without attribution. You make it a policy, that whenever any attack takes place, regardless of origin, you retaliate at a N targets chosen at random around the world. For best effect, N > size-of-world.

This requires a peculiar but form of credibility, but one that is within reach. Read more

PS On Air: The Super Germ Threat

NOV 2, 2016

In the latest edition of PS On
Air
, Jim O’Neill discusses how to beat antimicrobial resistance, which
threatens millions of lives, with Gavekal Dragonomics’ Anatole Kaletsky
and Leonardo Maisano of
Il Sole 24 Ore.

Subscribe to our Newsletter

Subscribe to our Newsletter

Sign up to receive newsletters about what's being discussed on Project Syndicate.

EmailReceive our Sunday newsletterA weekly collection of our most discussed columnsReceive our PS On Point newsletterStay informed of the world's leading opinions on global issues

Why not register an account with us, too? You'll be able to follow individual authors (to receive notifications whenever they publish new articles) and subscribe to more specific, topic-based newsletters.

Project Syndicate provides readers with original, engaging, and thought-provoking commentaries by global leaders and thinkers. By offering incisive perspectives from those who are shaping the world’s economics, politics, science, and culture, Project Syndicate has created an unrivaled global venue for informed public debate.